Friday, June 26, 2009

Truth and the Internet


By Vinton G. Cerf

Truth is a powerful solvent. Stone walls melt before its relentless might. The Internet is one of the most powerful agents of freedom. It exposes truth to those who wish to see it. It is no wonder that some governments and organizations fear the Internet and its ability to make the truth known.

But the power of the Internet is like a two-edged sword. It can also deliver misinformation and uncorroborated opinion with equal ease. The thoughtful and the thoughtless co-exist side by side in the Internet's electronic universe. What's to be done?

There are no electronic filters that separate truth from fiction. No cognitive "V-chip" to sort the gold from the lead. We have but one tool to apply: critical thinking. This truth applies as well to all other communication media, not only the Internet. Perhaps the World Wide Web merely forces us to see this more clearly than other media. The stark juxtaposition of valuable and valueless content sets one to thinking. Here is an opportunity to educate us all. We truly must think about what we see and hear. We must evaluate and select. We must choose our guides. What better lesson than this to teach our young children to prepare them for a new century of social, economic and technological change?

Let us make a new Century resolution to teach our children to think more deeply about what they see and hear. That, more than any electronic filter, will build a foundation upon which truth can stand

Available at ISOC.

Principles of the Law of Software Contracts

i very highly recommend a read through the overview and remarks made by Bob Hillman as can be found on the ContractsProfBlog for better understanding of the principles and their aim.

Thursday, June 18, 2009

Online bloggers cannot expect privacy

Available at: Law-Now.com

In a landmark decision relating to confidentiality on the Internet, a police officer who wrote an anonymous blog has lost the legal battle to keep his identity secret.

Detective Constable Richard Horton, of Lancashire Constabulary, chronicled his behind-the-scenes experiences of frontline policing in his cult pseudonymous NightJack blog, which in April won this year’s Orwell blogging prize for political writing. He was also courted by agents and publishers hoping to secure the rights to his work.

When a journalist from The Times uncovered Mr Horton as the blog’s author, Mr Horton sought an injunction from the High Court to prohibit the newspaper from publishing the information. At the hearing to decide the issue, which took place on 4 June 2009, Mr Justice Eady granted “temporary cover” to restrain publication of the information, at least until he had considered the parties’ arguments and made his judgment.

At the hearing, Mr Horton’s counsel argued that his name should remain secret as Mr Horton was at risk of disciplinary action for breaching police regulations. Certain cases that he reported on the NightJack blog, although anonymised, could still be traced back to genuine prosecutions and, in places, Mr Horton roundly criticised the criminal justice system. Mr Justice Eady rejected this argument as “unattractive”, adding, “I do not accept that it is part of the court’s function to protect police officers who are… acting in breach of police discipline regulations.

Mr Horton’s counsel also argued that there was a public interest in allowing bloggers to share their opinions but not their names. He said that thousands of bloggers would be “horrified” if they could be unmasked similarly.

Counsel for the Times responded that there was a public interest in exposing a police officer’s breach of his obligations under the statutory police code and under his general public law duty to protect information obtained during the course of a police investigation.

On 16 June 2009, Mr Justice Eady handed down his judgment. He removed the interim injunction that had been in place since 4 June 2009, ruling that Mr Horton could have no reasonable expectation of privacy “because blogging is essentially a public rather than private activity”. Mr Horton’s identity did not have the requisite “quality of confidence”, as defined in the leading case relating to breach of confidence, Coco v A N Clark. Its publication would not, therefore, contravene the right to privacy afforded by Article 8 of the European Convention on Human Rights. In any event, the court added that the public interest inherent in revealing Mr Horton’s identity as a police officer would outweigh any right to privacy claimed.

For authors of blogs wishing to remain anonymous, particularly authors of blogs that reveal confidential or controversial information about their employer, this judgment serves as a warning that the courts will generally not offer protection if their identities are discovered and threatened to be published.

Wednesday, June 17, 2009

Final Report: Digital Britain

The Digital Britain Report sets out the Government's plans across a broad range of communications technologies to ensure Britain's communications infrastructure and content remain as competitive, inclusive and forward-looking as possible.

Friday, June 12, 2009

France: three-strikes rule knocked for six

Law-now.com

In France, the government has turned the prevention of P2P downloading into a political issue of great importance. The Creative Works and Internet Law (CNIL) recently came into force, passing through the French Parliament on the second attempt. CNIL created an independent enforcement authority designed to protect intellectual property on the Internet called the "Haute Autorite pour la diffusion des oeuvres et la protection des droits d’auteur sur Internet" (HADOPI), similar to the proposed Digital Rights Agency.

HADOPI was intended to be the means to implement a ‘three-strikes’ policy. If an alleged infringement of IP rights were detected HADOPI would send a customer a warning letter reminding him of his obligations and possible sanctions. If another infringement occurred within six months, HADOPI would send a second warning letter. If a further infringement occurred within a year of the second warning, HADOPI would suspend the account for between one month and one year, during which time the customer would not be allowed to enter into another agreement with another service provider to get access to the Internet. Internet Service Providers (ISPs) were required to comply with HADOPI’s rulings or be fined up to 5000 Euros.

Fundamental freedoms

On 10 June 2009 the French Constitutional Council ruled that the three-strikes procedure was unconstitutional. The Council was critical that the procedure empowered an administrative body to perform a role that ought to be performed by the judicial function. The French Constitutional Council also defended freedom of expression and communication as so valuable that their exercise is a "prerequisite for democracy". Any attacks on it would have to be necessary appropriate and proportionate. The new law was illegal as it breached citizens’ fundamental rights to privacy and free access to online communications.

Guilty until proven innocent

The Council also noted that the CNIL and the nature of the sanctions it was designed to impose presupposed guilt. While the procedure had an appeal mechanism, the burden of proof was on the Internet user to demonstrate his or her innocence. The Council ruled that it is a fundamental principle of French law that a person is innocent until proven guilty, and that the French legislature could not establish a presumption of guilt in this case even when they had left the decision making to an administrative body.

What next?

The decision would appear to send the CNIL back to the drawing board. However the French Government may resubmit the law, modified to take the court’s objections into account, for example by creating a special judicial court.

The Telecoms Package

The French Constitutional Council’s view is wholly consistent with the views of the European Parliament, which recently voted on an amendment to the wording of the proposed Telecoms Package stating that a user's Internet access may not be restricted without a prior ruling by judicial authorities. This amendment (actually a reinstatement of an old amendment that had been removed) means that the European Parliament have chosen a position that is at odds as regards the Telecoms Package compromise they had agreed with the European Council. As a result the Telecoms Package must go back to a renegotiation process known as conciliation.

The British Approach

Meanwhile the UK government has its own plans to legislate to address P2P file sharing. The government consulted on legislative options to tackle this issue last summer. This consultation revealed that there was no consensus between content owners, ISPs and consumer organisations about how best to prevent the current widespread and unauthorised downloading of copyright protected material (see here for more details). Having taken on board a variety of views, the government outlined its vision for the future in its Interim Digital Britain Report. The report recommended the creation of a Digital Rights Agency to coordinate attempts to prevent illicit file-sharing on the Internet. Recently the UK Intellectual Property Office canvassed views on how the Digital Rights Agency should operate.

The government is due to set out its plans, and to begin a fresh consultation on the issue, in the final Digital Britain Report which is due to be published on 16 June 2009. Giving an indication of what it may contain, Andy Burnham, who until recently was the Culture Secretary before being moved to the Department of Health, in a keynote speech at Music Week’s ‘Making Online Music Pay’ conference on 4 June referred to possible ‘technical solutions’ that could be employed as sanctions. It is not yet clear what those "technical solutions" would be, although Mr Burnham said they would involve ways to "limit or restrict" file-sharing activity.

The recent French decision is not binding on the UK Government but does highlight the importance of many of the underlying issues, such as consumers’ fundamental freedoms and the need to have appropriate judicial safeguards in place. This closely reflects the underlying provisions of the Convention on Human Rights, which are common to both jurisdictions. We keenly await the UK Government’s proposals to tackle P2P file-sharing in the Digital Britain Report.

Wednesday, June 10, 2009

IT staff snooping on colleagues on rise: survey

By Tarmo Virki, European technology correspondent

HELSINKI (Reuters) - More than one-third of information technology professionals abuse administrative passwords to access confidential data such as colleagues' salary details or board-meeting minutes, according to a survey.


Domain Name Disputes

Googling about and looking for posting material i came across this website with an intensive and well round discussion of Domain Name Disputes check it out.

"The law and policy-makers have had to surmount not only a steep learning curve but also in some cases a foundation that is wrought with mistakes when it comes to the treatment that should be given to virtual property. The Domain Name System (DNS) is the best example of a form of virtual property that has given rise to challenges in law making and administration. The ‘ land grab’ of domain names in the World Wide Web (WWW) have given rise to a virtual tsunami of registrations and this has led to the subsequent erection of levees in the form of a challenge regime. This paper will identify and consider the problems that the DNS is facing and suggest the changes that have to be made to it in order for it to withstand the forces of what will be an increasingly rising sea of domain names on the WWW." - Article by Warren B. Chik Lord of your domain, but master of none: the need to harmonize and recalibrate the domain name regime of ownership and control I.J.L. & I.T. 2008, 16(1), 8-72

Tuesday, June 2, 2009

Technological Opinions of Judge Sotomayer

  • In Specht v Netscape, she wrote a decision regarding the placement of a download button on a web page. All in all, she denied the defendant's motion to compel arbitration as it was believed that the Plaintiff was not a direct beneficiary under the agreement.
  • In Storey v Cello, she wrote an opinion that an adverse outcome from an admiminstrative proceeding did not have preclusive effect on a suit brought under the the Anticybersquatting Consumer Protection Act.
  • In Mattel v. Barbie-club she rejected the argument that the federal court jurisdiction could be created in any federal district merely by providing written evidence of the domain registration with the trial court.

Monday, June 1, 2009

Case Comment: - Solid Host v. NameCheap

Contributory Cybersquatting and the Impending Demise of Domain Name Proxy Services?

By Eric Goldman available on his Tech&Marketing Law Blog.

Solid Host, NL v. NameCheap, Inc., 2:08-cv-05414-MMM-E (C.D. Cal. May 19, 2009)

Facts

This case involves an alleged domain name theft. Solid Host is a web host and initial owner of the domain name solidhost.com, which it registered through eNom in 2004. Solid Host claims that in 2008, a security breach at eNom allowed an unknown interloper (Doe) to steal the domain name and move the registration to NameCheap. Doe also acquired NameCheap's "WhoisGuard" service, a domain name proxy service that masked Doe's contact information in the Whois database. Solid Host contacted Doe and sought the domain name; Doe asked for $12,000, and Solid Host took a pass. Instead, Solid Host demanded that NameCheap hand back the domain name and identify Doe, but Doe claimed that he had bought the domain name legitimately. NameCheap, apparently feeling like the cheese in a sandwich, demurred to Solid Host's requests. Solid Host then got a TRO ordering NameCheap to transfer the name and reveal Doe's identity, both of which occurred. For unclear reasons, Solid Host hasn't amended the complaint to name the Doe, but it is proceeding against NameCheap on various claims, including an Anti-Cybersquatting Consumer Protection Act (ACPA) claim.

The Opinion

Who is the Registrant?

My understanding of domain name proxy services is that the service acts as the legal registrant, thus supplying its contact information, but it registers the domain name for the benefit of its customer, making the customer the beneficial registrant. An analogy: a bank may take legal title of a property as part of securing a loan on the property, but the borrower retains beneficial title to the property.

So, for purposes of the ACPA, is the proxy service the “registrant” of the domain name? ICANN’s agreement with registrars seemingly contemplates this characterization in Section 3.7.7.3 of its Registrar Agreement, which says “A Registered Name Holder licensing use of a Registered Name according to this provision shall accept liability for harm caused by wrongful use of the Registered Name, unless it promptly discloses the identity of the licensee to a party providing the Registered Name Holder reasonable evidence of actionable harm.” However, it’s not clear to me that a proxy service “licenses” the domain name, especially if you accept my lender-borrower analogy above. Alternatively, if the proxy service is the “agent” of the customer, the licensing analogy also breaks down.

Whether the proxy service is the registrant matters a great deal to the legal outcome, and unfortunately, the court’s analysis of this important question was cursory, muddled, and possibly internally inconsistent.

In this case, the court’s inquiry is made more difficult by the fact that NameCheap acted as both the registrar and the proxy service provider. As a registrar, an ACPA claim against NameCheap should be squarely preempted by the domain name registry/registrar safe harbor enacted as part of the ACPA (15 U.S.C. §1114(2)(D)). For example, 1114(2)(D)(iii) says:

A domain name registrar, a domain name registry, or other domain name registration authority shall not be liable for damages under this section for the registration or maintenance of a domain name for another absent a showing of bad faith intent to profit from such registration or maintenance of the domain name

(This provision only moots damages, not an injunction, but since Solid Host has the domain name back in its possession, damages seem like the only remaining issue).

The court concludes that NameCheap is not eligible for the domain name registrar safe harbor because NameCheap is the domain name registrant. It says, "NameCheap is, by virtue of the anonymity service it provides, the registrant of a domain name that allegedly infringes Sold [sic] Host’s trademark." Thus, NameCheap is ineligible for the registrar safe harbor, which applies only when the registrar acts as a registrar.

But, having rejected the domain name registrar safe harbor because NameCheap was the domain name registrant, the court then inconsistently says that NameCheap is not the registrant for purposes of the prima facie ACPA claim. Instead, for ACPA purposes the court treats Doe as the registrant, leaving NameCheap exposed to a possible secondary ACPA liability claim. (The court acknowledges that NameCheap would defeat a direct ACPA claim because NameCheap did not have any bad faith intent to profit from the domain name. Offering the proxy service wasn't enough to qualify as a bad faith intent to profit).

Wait a minute—how can NameCheap simultaneously be both the registrant (no safe harbor) but not the registrant (thus, subjected to a secondary claim)? The court does not acknowledge or explain this apparent inconsistency.

Contributory Cybersquatting

Courts have rarely discussed a contributory ACPA claim. The only one cited by the court was a 2001 case (the Ford Motors vs. Greatdomains.com case) and I can’t think of any others. Perhaps this isn’t surprising because (1) as the Greatdomains.com case indicated, a contributory ACPA claim is available "in only exceptional circumstances," and (2) registrars are the most likely targets of a contributory ACPA claim, and the domain name registrar safe harbor effectively eliminates their contributory ACPA liability.

Adopting the analysis in the Greatdomains.com case, this court equates contributory ACPA liability with the Ninth Circuit’s 1999 Lockheed standard for online contributory trademark infringement (as opposed to ACPA liability), which requires that "a plaintiff must prove that the defendant had knowledge and ‘[d]irect control and monitoring of the instrumentality used by the third party to infringe the plaintiff’s mark.'"

So how did NameCheap have the requisite control over Doe's instrumentalities? Good question. The court tosses out this gem: NameCheap was "the “cyber-landlord” of the internet real estate stolen by Doe." WHAT??? The court continues:

NameCheap’s anonymity service was central to Doe’s cybersquatting scheme. If NameCheap had returned the domain name to Solid Host, Doe’s illegal activity would have ceased.

The second sentence is true with respect to NameCheap, but it is also true of every registrar for every domain name they register--and we know from the 1999 Lockheed case that registrars lack control over the instrumentalities of their registrants. So the proxy service seems to make a legal difference, but how does the proxy service evidence NameCheap's greater control over the registrant's instrumentalities? I think something is amiss here.

To complete the prima facie contributory ACPA claim, in addition to control, Solid Host must show that NameCheap has the requisite knowledge of Doe's ACPA violation. The court sets a high scienter bar--mere notice from an aggrieved party isn't enough--but the court conclusorily says that the complaint alleged enough knowledge to survive the motion to dismiss.

Why This is a Troubling Ruling

As I trust is clear, I think the court's analysis is questionable at best. I’m also troubled about the normative implications. Most obviously, this case could portend the demise of domain name proxy services. Read literally, every proxy service is exposed to potential contributory ACPA liability for every domain name it services. I can’t imagine proxy service providers will be excited about that liability exposure, and some may choose to exit the business.

If proxy services evaporate, domain name registrants will have a tougher time maintaining their privacy. This could affect at least two groups. First, businesses seeking to register domain names for unlaunched new brands often want to procure the new brand's domain names without publicly announcing their intentions through the Whois database. (Of course, some businesses register such domain name through agents or shell companies, but at a much greater expense than a proxy service). Second, gripers, whistleblowers, critics and others may want to use proxy services to make it harder for their targets to unmask their identities. This ruling jeopardizes the potential privacy options available to both groups.

I’m also troubled by this ruling’s narrow reading of the domain name registrar safe harbors. There haven’t been many cases interpreting those safe harbors, and this case might influence other courts to read them narrowly.

A Mini-Trend of Lawsuits Against Registrars

I’ve noticed a small but troubling increase in lawsuits against domain name registrars in the past few months. In addition to this case, see the Vulcan Golf v. Google lawsuit (which named some registrars as defendants), OnlineNIC cases, Philbrick v. eNom and uBid v. GoDaddy. Personally, I believe this litigation trend mirrors the expansion of new and legally untested non-registration services offered by registrars. I explored this issue with Elliot Noss of Tucows in the most recent installment of TWiL (worth listening to, IMO). Discussing the uBid lawsuit, Elliott explained how registrars monetize dropped domain names before being returned to the available pool of unregistered domain names. The delay is putatively for the benefit of customers who mistakenly let a registration lapse; but this also has the happy (?) by-product of letting registrars create new ad inventory that they are monetizing.

In the past, a lot of the legal attention regarding domain names has focused on trademark owners vs. registrants. From my perspective, those lawsuits are becoming passé. The real litigation growth industry appears to be trademark owner vs. registrar lawsuits over new registrar service offerings that trademark owners don't like. Rulings like this one, with a broad reading of contributory ACPA liability and a narrow reading of the domain name registrar safe harbor, raise the specter that registrars may find more legal trouble than they anticipated.